| Category | Attacks | Compromised services | Target NDN aspects | Possible directions |
|---|---|---|---|---|
| Infrastructure protection | DoS | (1) Authentication (2) Availability | (1) Routing and forwarding plane | (1) Interface-based rate limit (2) Name-based rate limit (3) Statistical rate limit |
| Infrastructure protection | Black-hole and gray-hole | (1) Availability | (1) Routing and forwarding plane | (1) Securing the forwarding plane (2) Use of secure namespace |
| Infrastructure protection | Wormhole | (1) Confidentiality | (1) Data packets | (1) Use of content names instead of device identifications (2) Performing name-based forwarding |
| Infrastructure protection | Man-in-the-middle | (1) Authentication (2) Confidentiality (3) Integrity (4) Nonrepudiation | (1) Data packets (2) Forwarding plane | (1) Content-based security mechanism (2) Securing the content during the creation (3) Attaching access control policies with content |
| Content protection | Bogus information | (1) Authentication (2) Integrity | (1) Data plane | (1) Securing the content using cryptographic hashing techniques and public-private keys |
| Content protection | Replay | (1) Authentication (2) Integrity | (1) Data packet (2) Cache store | (1) Fetching content from the cache store based on lifetime (2) Requesting only the fresh content |
| Content and user privacy | Sybil | (1) Authentication (2) Availability | (1) Routing and forwarding plane | (1) Securing content-name binding (2) Preserving blockchain-based identity |
| Content and user privacy | Masquerade | (1) Authentication (2) Nonrepudiation (3) Integrity | (1) Routing and forwarding plane | (1) Preserving blockchain-based identity |
| Content and user privacy | Timing attack | (1) Availability | (1) Data packets (2) Caching store | (1) Securing the forwarding plane (2) Trust-based forwarding scheme (3) Reputation-based caching and forwarding |
| Content and user privacy | Snooping attack | (1) Authentication | (1) Data packets | (1) Applying content-based security mechanisms (2) Adding access rules within Data packets |